Credit cards strengthen security

The two largest credit card associations have released a new version of their security protocol to protect credit card transactions over the Internet, moving a step closer to secure card transactions on the Net.

Stephen Herz, Visa International's senior vice president of electronic commerce, cautions, however, that wide availability of secure
transactions won't come until next year at the earliest.

The revised draft of the Secure Electronic Transactions (SET) specification, released Wednesday by Visa and MasterCard
International, reflects the input of more than 3,000 public comments from 76 nations received since the first draft was posted in February.

Herz described the revisions as "technical in nature," dealing with cryptographic and software issues, not business issues.

SET outlines standards for an end-to-end system for secure transactions and includes software for four distinct groups: cardholders, merchants, payment gateways, and banks. SET is designed to guard against theft or merchant fraud in handling bank
card transactions over the Net.

In February, Visa and MasterCard agreed to drop competing efforts to rally around a single security standard. American Express also backs the SET protocol.

Visa and MasterCard say finalizing the SET protocol will give consumers confidence in making credit card and bank debit card purchases over the Net.

"We believe SET will accelerate electronic commerce," MasterCard
spokeswoman Dorea Smith said. She added that MasterCard research indicates that 90 percent of Internet users in the United States would like to shop online but that 60 percent say they don't
because of security concerns.

"When SET is in place, the perception that security is a huge issue will turn around. Electronic commerce will take off," Smith said.

Visa's Herz echoed that belief: "It should help encourage electronic commerce to go from its infant stages to a mature state."

The two credit card associations expect to begin limited testing of SET early this fall. Based on the results of that trial, the SET standard will be finalized late this year. The companies also
still need to select a software vendor to produce a "reference
implementation" of SET, a sample way for electronic commerce software developers to incorporate SET into various pieces of software.

With the final specification and the reference platform in place, the way would be cleared for online retailers to offer SET-secured transactions to limited numbers of consumers by year's
end, with full-scale roll-outs anticipated in early 1997.

But securing card transactions over the Net takes more than software; it also requires consumers and merchants to obtain "digital IDs" from a certification authority to vouch for their identities. Neither Visa nor MasterCard have announced a certification authority partner yet.

"MasterCard expects to announce a series of infrastructure developments over the next few months to help seed this market, as well as commitments to extend SET to other electronic venues," MasterCard's Steve Mott, senior vice president of electronic commerce, said in a prepared statement.